<?php

# 
# Copyright (c) 2002-2007 Eric Wallengren
# This file is part of the Continuous Automated Build and Integration 
# Environment (CABIE)
# 
# CABIE is distributed under the terms of the GNU General Public
# License version 2 or any later version.  See the file COPYING for copying 
# permission or http://www.gnu.org. 
#                                                                            
# THIS MATERIAL IS PROVIDED AS IS, WITH ABSOLUTELY NO WARRANTY EXPRESSED OR  
# IMPLIED, without even the implied warranty of MERCHANTABILITY or FITNESS 
# FOR A PARTICULAR PURPOSE.  ANY USE IS AT YOUR OWN RISK. 
#                                                                            
# Permission to modify the code and to distribute modified code is granted, 
# provided the above notices are retained, and a notice that the code was 
# modified is included with the above copyright notice. 
# 

    #
    # I'm not trying to be super secret here.  I'm using the session_start
    # and super global SESSION variable for authentication. It's a bit 
    # convoluted but works as long as you trust 'cleartext' passwords being 
    # sent on the network.
    #
    require_once("unixsys.php");
    require_once("defs.php");
    require_once("common.php");

    if (!isset($_SESSION)) {
        session_start();
        $ajaxarray = array();
        session_register($ajaxarray);
    } 

    if (!isset($_SESSION['LOGGEDIN'])) {
        $_SESSION['LOGGEDIN'] = FALSE;
    } 

    if (!isset($_SESSION['LOGGEDOUT'])) {
        $_SESSION['LOGGEDOUT'] = FALSE;
    } 

    $SQL = new sqlfuncs();

    $SQL->__construct($server, $username, $password, $database);

    $action = $_REQUEST['access'];

    switch($action) {

        case 'logout':
            $referer    = $_SERVER["HTTP_REFERER"];
            $logoutuser = $_SESSION["PHP_AUTH_USER"];
            if ($_SESSION['LOGGEDIN'] === TRUE) {
                $_SESSION['LOGGEDIN']  = FALSE;
                $_SESSION['LOGGEDOUT'] = TRUE;
                unset($_SESSION['PHP_AUTH_USER']);
            }
            echo "<h2>Logging out $logoutuser</h2>\n";
            echo "<meta http-equiv=\"REFRESH\" content=\"1;url=$referer\">";
            exit;
            break;
        default:
            break;

    }

    if ($_SESSION['LOGGEDOUT'] === TRUE) {
        $_SERVER['PHP_AUTH_PW'] = '';
    }

    if ($_SESSION['LOGGEDIN'] === FALSE && $_SESSION['LOGGEDOUT'] === FALSE) {
        if (isset($_SERVER['PHP_AUTH_USER']) && 
            isset($_SERVER['PHP_AUTH_PW'])) {
            $user = $_SERVER['PHP_AUTH_USER'];
            $pass = $_SERVER['PHP_AUTH_PW'];
            $_SESSION['LOGGEDIN'] = validateuser($SQL, $user, $pass);
            if ($_SESSION['LOGGEDIN'] === TRUE) {
                $_SESSION['PHP_AUTH_USER'] = $_SERVER['PHP_AUTH_USER'];
            } else {
                unset($_SESSION['PHP_AUTH_USER']);
            }
        }
    }

    switch($action) {

        case 'login':
            if ($_SESSION['LOGGEDIN'] === FALSE) {
                $_SESSION['LOGGEDOUT'] = FALSE;

                if (!isset($HTTP_AUTH_REALM)) {
                    $HTTP_AUTH_REALM = "Cabie Authorization";
                    displaylogin($HTTP_AUTH_REALM);
                }
            }
            break;
        default:
            break;

    }

    function validateuser($SQL, $user, $password) {

        $querypass = md5($password);

        $result = $SQL->sql_query("select count(userid) from users where ".
                                  "userpass='$querypass' and username=".
                                  "'$user'", ";");

        if ($result[0]) {
            return TRUE;
        }

        return FALSE;

    }

    function displayLogin($realm) {
        header("WWW-Authenticate: Basic realm=\"$realm\"");
        header("HTTP/1.1 401 Authorization Required");
        echo "<h2>Authentication Failure</h2>";
        echo "The username and password provided did not work. Please ".
             "reload this page and try again.";
        $url = '/cabie.php?server='.$_REQUEST['server'].'&action=view';
        echo "<meta http-equiv=\"REFRESH\" content=\"1;url=$url\">";
        exit;
    }

?> 
